T’a Milano S.r.l. (hereinafter the “Company” or “Data Controller”), with registered office in Milan, Via G. Marradi 7, Tax ID / VAT No. 05696960961, acting as Data Controller, hereby informs you, pursuant to art. 13 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), that your personal data will be processed in the following manner and for the following purposes:
1) Processing scope
The Data Controller processes the personal, identification, non-sensitive data (e.g. name, surname, trade name, address, telephone, e-mail – hereinafter “personal data” or just “data”) communicated by you when registering with the website, filling out contact forms on the website, or sending on-line requests for clarifications, support, or the purchase of products of the Data Controller.
2) Processing purposes
Your personal data will be processed:
A) without your express consent, pursuant to art. 6(b)(e) of the GDPR, for the following purposes:
- Managing customer relationships, accounting, orders, billing and litigation;
Legal basis: execution of a contract.
- Carrying out operations connected with and instrumental to the acquisition of information prior to entering into the contract;
Legal basis: implementation of pre-contractual measures.
- Fulfilling obligations under applicable laws or regulations, including EU laws;
Legal basis: Legal obligation.
- Managing disputes relating to contractual breaches, transactions, debt recovery, judicial disputes;
Legal basis: defence of legal claims.
- Managing and maintaining the website, processing a contact request, processing a request to register with the Data Controller’s website;
Legal basis: implementation of pre-contractual measures.
B) only with your specific and express consent (art. 7 of the GDPR), for the following marketing purposes:
- Sending you newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller, by e-mail, mail and/or text message and/or telephone.
Legal basis: consent (optional and revocable at any time).
3) Processing methods
Your personal data is processed by means of the operations specified in art. 4 of the Italian Data Protection Act and in art. 4(2) of the GDPR, such as the collection, recording, organisation, conservation, consultation, elaboration, modification, selection, retrieval, comparison, use, interconnection, blocking, communication, erasure, or destruction of data. Your personal data may be processed both in hard copy and by electronic means.
4) Data retention period
The personal data of website users who send a request for information using the contact form will be stored for the time strictly required to execute the request. Said data will then be deleted.
The data collected to subscribe to the newsletter service will be entered into the corporate database and stored for the duration of the service, after which they will be deleted or rendered anonymous within the timeframe established by law.
If the data subject revokes his/her consent to data processing in specific cases, said data will be deleted or rendered anonymous within 72 hours of receipt of the revocation.
Pursuant to art. 13(2)(f) of the GDPR, please note that the data collected shall not be subject to any automated decision-making, including profiling.
5) Processing browsing data
During normal operations, the computer systems and software procedures used to operate this website acquire some personal data, the transmission of which is an inherent feature of Internet communication protocols.
This information is not collected in order to be associated with identified data subjects, but, by its very nature, could be processed and matched with data held by third parties, thus leading to the identification of users.
This category of data includes IP addresses or domain names of the computers used by users connecting to the website, URI (Uniform Resource Identifier) addresses of requested resources, the time of request, the method used to submit the request to the server, the returned file size, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters regarding the users’ operating system and computer environment.
Such data is only used to obtain anonymous statistical information about the website and verify its correct functioning. Said data may also be used to ascertain responsibility in the event of hypothetical computer crimes against the website.
6) Security measures
The Data Controller has adopted a variety of security measures to protect your data against the risk of loss, abuse, or alteration.
7) Access to data
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
- to employees and collaborators of the Data Processor in their capacity as data-processing operators and/or in-house data processors;
- to third-party companies or other entities to whom activities are outsourced by the Data Controller, in their capacity as external data processors.
8) Communicating data
Without your express consent (under articles 24(a), (b) and (d) of the Italian Data Protection Act and articles 6(b) and (c) of the GDPR), the Data Controller may communicate your data to supervisory bodies, judicial authorities, and any other entity to whom communication is mandatory by law for the accomplishment of the aforementioned purposes. Your data will not be disseminated.
9) Transferring data
The management and storage of personal data will take place in Europe, on servers located in Italy belonging to the Data Controller and/or to third companies entrusted and duly appointed as Data Processors.
10) Compulsory or optional nature of the conferral of data and consequences of non-conferral
Conferral of data for the purposes set out in art. 2A is mandatory for the purposes of establishing, executing, and managing the contractual relationship correctly. Consequently, failure to confer data will result in the inability to establish a collaboration relationship and perform the services requested.
For the purposes set out in art. 2B, instead, conferral is optional. You can therefore decide not to confer your data or to subsequently revoke any consent provided. In this case, you will not receive newsletters, commercial communications or advertising material related to the services offered by the Data Controller. However, you will continue to be entitled to the services set out in art. 2A.
11) RIGHTS OF THE DATA SUBJECT
In accordance with the provisions of Chapter III, Section I, of the GDPR, you may exercise the rights set out therein, and in particular:
Right of access – right to obtain from the controller confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to obtain information, in particular relating to: the purpose of the processing, the categories of personal data concerned, the envisaged period for which the personal data will be stored, and the recipients to whom the data may be communicated (article 15 of the GDPR);
Right to rectification – right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and to have incomplete personal data completed (article 16 of the GDPR);
Right to erasure – right to obtain from the controller the erasure of personal data concerning you without undue delay in the cases provided for by the GDPR (article 17 of the GDPR);
Right to restriction of processing – right to obtain from the controller restriction of processing, in the cases provided for by the GDPR (article 18 of the GDPR);
Right to data portability – right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and to transmit said data to another controller without hindrance from the controller, in the cases provided for by the GDPR (article 20 of the GDPR);
Right to object – right to object to the processing of personal data concerning you, unless the controller demonstrates compelling legitimate grounds for the processing (article 21 of the GDPR);
Right to lodge a complaint with the supervisory authority – right to lodge a complaint with the Italian Data Protection Authority, Piazza Venezia, 11 – 00187 – Rome.
12) How to exercise your rights
To exercise your rights as specified above, please write to the Data Controller at T’a Milano S.r.l., Via G. Marradi 7, Milan, Italy, or by email at firstname.lastname@example.org.
Please note that you may lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) at any time.
13) Changes to this Policy
Last updated on 22 October 2021.